In this blog, I will demonstrate the Log Intelligence capability that provides unified visibility into the NSX-T network packet logs from VMware Cloud on AWS.
VMware Log Intelligence is the only logging solution that gives you the NSX and audit logs from VMware Cloud on AWS.
Benefits / Use Case
The following are the benefits and the use case each one serves.

Benefit: Monitor Logical Networks (Segments)
How: Logs are forwarded to the Log Intelligence service automatically whenever a logical network is created, changed or deleted in VMC.
Use Case: Troubleshooting. Helps trace a network issue back to the network change that caused it, and lets you keep track of how many networks have been created in the cloud.

Benefit: Monitor Firewall Rules
How: Once logging is enabled from the VMC Console, a log entry is saved in the Log Intelligence service whenever a firewall rule is created, changed or deleted in VMC. This applies to both the Gateway firewall (Compute and Management) and the Distributed Firewall.
Use Case: Security monitoring. Firewall and NAT rules are what keep the SDDC secure; a record of every rule change lets you audit them and spot unexpected or unauthorized modifications.

Benefit: Monitor NAT Rules
How: Logs are forwarded to the Log Intelligence service automatically whenever a NAT rule is created, changed or deleted in VMC.
Use Case: Application monitoring. Analyze the traffic sources and destinations of an application.
Enable logging for Firewall Rule(s)
By default, firewall rules do not send logs to the Log Intelligence service; logging has to be enabled per rule from the VMC Console. A rule with logging enabled records every flow it matches, so enabling it on broad allow rules (for example a default permit) can generate a large volume of packet logs; enable it selectively on the rules you need to audit or troubleshoot.
Management Gateway Firewall Rule
In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Management Gateway and click Add New. Specify the rule details and enable Logging on the rule. You will notice a small information note which states:
“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”
Compute Gateway Firewall Rule
Follow the same steps under Gateway Firewall, selecting Compute Gateway instead of Management Gateway, then click Add New, specify the rule details and enable Logging on the rule. The same information note confirms that logs will be saved in the Log Intelligence service.
Distributed Firewall Rule
In the Networking & Security tab of the SDDC, navigate to Distributed Firewall under the Security section, select the section the rule belongs in and click Add New. Specify the rule details and enable Logging on the rule. The same information note appears.
NSX-T for VMware Cloud on AWS - Content Pack
Log Intelligence makes this simple by providing an out-of-the-box (OOTB) content pack for NSX-T for VMware Cloud on AWS. The content pack provides insights into the NSX-T firewall rules and the packet traffic logged from VMware Cloud on AWS, along with the audit details, allowing administrators to audit, monitor and troubleshoot the behavior of the rules configured in their VMware Cloud on AWS environment.
Procedure to enable/disable the content pack
Navigate to the Content Pack menu to enable or disable the content pack.
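The content pack's rule and packet-traffic queries, and the Security Monitoring and Troubleshooting use cases from the table above, boil down to a few checks over the packet logs. The script below is an added example, not code from the original post or from VMware: it runs those checks over constructed NSX-T-style firewall packet-log lines. The message layout, hosts, rule IDs, addresses and the SDDC address range (10.10.0.0/16) are all assumptions; the functions parse_pktlog, rule_action_counts, probing_sources and external_admin_allows are hypothetical names, and the heartbeat line at the end is there only to show that non-packet messages are skipped.

```python
"""Detection logic over NSX-T-style firewall packet logs.

Added example, not code from the original post or from VMware. The log
lines are constructed to approximate the shape of NSX-T FIREWALL packet
log messages; the field layout, hosts, rule IDs and addresses are all
assumptions, not a capture from a real SDDC.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample. Assumed shape: "<ts> <host> NSX <pid> FIREWALL [...] <ts>
# INET match <ACTION> <rule-id> <IN|OUT> <len> <proto> <src>/<sport>-><dst>/<dport> <flags>".
# The last line is a non-packet message to show that the parser skips it.
SAMPLE_LOGS = """\
2023-04-15T10:00:01.101Z esx-01 NSX 2104 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:01.101Z INET match PASS 1026 IN 60 TCP 10.10.1.20/51234->10.10.2.30/443 S
2023-04-15T10:00:01.402Z esx-01 NSX 2104 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:01.402Z INET match DROP 1001 IN 60 TCP 203.0.113.7/40001->10.10.2.30/22 S
2023-04-15T10:00:01.655Z esx-01 NSX 2104 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:01.655Z INET match DROP 1001 IN 60 TCP 203.0.113.7/40002->10.10.2.30/23 S
2023-04-15T10:00:01.903Z esx-01 NSX 2104 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:01.903Z INET match DROP 1001 IN 60 TCP 203.0.113.7/40003->10.10.2.30/3389 S
2023-04-15T10:00:02.120Z esx-02 NSX 2211 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:02.120Z INET match DROP 1001 IN 60 TCP 203.0.113.7/40004->10.10.2.31/445 S
2023-04-15T10:00:02.480Z esx-02 NSX 2211 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:02.480Z INET match PASS 1026 IN 60 TCP 10.10.1.21/51300->10.10.2.30/443 S
2023-04-15T10:00:03.010Z esx-02 NSX 2211 FIREWALL [nsx@6876 comp="nsx-esx" subcomp="vsip" level="INFO"] 2023-04-15T10:00:03.010Z INET match DROP 1001 IN 78 UDP 198.51.100.9/5353->10.10.2.30/53
2023-04-15T10:00:04.250Z edge-01 NSX 1508 FIREWALL-PKTLOG [nsx@6876 comp="nsx-edge" subcomp="datapathd.firewallpkt" level="INFO"] 2023-04-15T10:00:04.250Z INET match PASS 1030 IN 60 TCP 198.51.100.22/55555->10.10.0.5/22 S
2023-04-15T10:00:05.000Z esx-02 NSX 2211 - [nsx@6876 comp="nsx-esx" subcomp="nsx-proxy" level="INFO"] Heartbeat sent to manager
"""

# Address space of the SDDC (assumed); anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

PKTLOG_RE = re.compile(
    r"INET match (?P<action>PASS|DROP|REJECT) (?P<rule>\S+) (?P<direction>IN|OUT) \d+ "
    r"(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_pktlog(line):
    """Return the firewall fields of one packet-log line, or None for any other message."""
    m = PKTLOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def parse_all(text):
    """Parse every line of a log excerpt, dropping lines that are not packet logs."""
    return [rec for rec in map(parse_pktlog, text.splitlines()) if rec is not None]


def rule_action_counts(records):
    """Hits per (rule id, verdict): which rules are passing and which are blocking traffic."""
    return Counter((r["rule"], r["action"]) for r in records)


def probing_sources(records, min_ports=3):
    """Sources whose dropped flows touch at least min_ports distinct destination ports,
    the usual signature of a port scan bouncing off a deny rule."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] in ("DROP", "REJECT"):
            ports[r["src"]].add(r["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def external_admin_allows(records, admin_ports=(22, 3389)):
    """PASS verdicts on admin ports from outside the SDDC address space: each hit names
    the rule (last tuple element) that let the flow through and deserves a review."""
    hits = []
    for r in records:
        src = ipaddress.ip_address(r["src"])
        internal = any(src in net for net in INTERNAL_NETS)
        if r["action"] == "PASS" and r["dport"] in admin_ports and not internal:
            hits.append((r["src"], r["dst"], r["dport"], r["rule"]))
    return hits


if __name__ == "__main__":
    recs = parse_all(SAMPLE_LOGS)
    for (rule, action), n in sorted(rule_action_counts(recs).items()):
        print(f"rule {rule:>6} {action:<6} {n}")
    print("probing sources:", probing_sources(recs))
    print("external admin allows:", external_admin_allows(recs))
```

On the constructed sample, rule 1001 accounts for all five drops, 203.0.113.7 is reported as a probing source because its dropped flows hit four distinct ports, and the single PASS on port 22 from 198.51.100.22 is attributed to rule 1030, which is the rule an administrator would go back and tighten. The same three questions (which rule matched, who is being dropped repeatedly, what external traffic is being allowed to admin ports) are what the content pack dashboards answer inside Log Intelligence.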
Sample Log Messages from the OOTB Content Pack
NSX-T for VMware Cloud on AWS | Logical Network Created
NSX-T for VMware Cloud on AWS | Logical Network Deleted
NSX-T for VMware Cloud on AWS | Virtual Machine Created
NSX-T for VMware Cloud on AWS | Virtual Machine Removed
NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Created
NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Changed
Sample Alerts
The following are some alerts triggered by the NSX-T for VMware Cloud on AWS OOTB alert definitions.
Sample Dashboard
You can also create a dashboard to monitor and troubleshoot the SDDC from these logs.
Conclusion
VMware Log Intelligence gives you unified visibility into the VMware Cloud on AWS NSX-T network packet and audit logs, which lets administrators and application owners troubleshoot network changes, monitor their applications and monitor the security of the SDDC.